CIOs, Auditors to Get New Software Controls Guide

It’s time for an audit of the application controls for every business system throughout your organization, from enterprise resource planning to e-mail programs, document imaging systems and product design software. As a CIO, are you prepared?

If you’ve upgraded or modified applications since the last application controls audit, you’d be smart to check out a forthcoming 33-page guide on applications controls to be released July 9 by the Institute of Internal Auditors (IIA). The eighth in the institute’s Global Technology Audit Guide (GTAG) series, “Auditing Application Controls” will be available for free to the institute’s 130,000 members in 160 countries, as well as to nonmembers via the group’s Web site at

Click here to read about the Society for Information Management Advanced Practices Council’s suggestions for grooming the CIO of the future.

Although the GTAG guidance is not mandatory, the auditing and testing of software controls on a periodic basis is considered a best practice by the IIA. The GTAG guide includes an eight-page section listing a series of controls and tests that companies can perform to make sure controls are correct and working properly. “These controls and suggested tests are generic and should apply to all systems,” says Heriot Prentice, director of technology practices at the IIA in Altamonte Springs, Fla.

There are plenty of reasons software controls need to be periodically audited and tested. For one, all transactional systems such as ERP and financial systems—as well as support applications such as e-mail programs and design software—pose risks stemming from how they are configured, managed and used by employees.

Another reason for regular audits and tests of software controls is that any configuration changes or modifications to business applications can introduce additional risk. For instance, tolerance levels can be manipulated to disable controls. Likewise, purchase approval controls can be altered without requiring any changes in the underlying code.

For this reason, the GTAG guidance recommends that auditors should be part of any software implementation or upgrade team to ensure controls are in place and working. “Your auditors need to identify the controls that need to be built into that application,” Prentice says.

Read the full story on CIOs, Auditors to Get New Software Controls Guide on July 9

Check out’s for the latest news, reviews and analysis about productivity and business solutions.

CIO Insight Staff
CIO Insight Staff
CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need network monitoring technology and solutions to maintain regulatory compliance for their teams and organizations.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles